win8 object_header信息

原始链接：http://www.itnests.com/win8-64bit-_kthread-_ethread.html

dt _KTHREAD
+0x000 Header           : _DISPATCHER_HEADER
+0x018 SListFaultAddress : Ptr64 Void
+0x020 QuantumTarget    : Uint8B
+0x028 InitialStack     : Ptr64 Void
+0x030 StackLimit       : Ptr64 Void
+0x038 StackBase        : Ptr64 Void
+0x040 ThreadLock       : Uint8B
+0x048 CycleTime        : Uint8B
+0x050 CurrentRunTime   : Uint4B
+0x054 ExpectedRunTime  : Uint4B
+0x058 KernelStack      : Ptr64 Void
+0x060 StateSaveArea    : Ptr64 _XSAVE_FORMAT
+0x068 SchedulingGroup  : Ptr64 _KSCHEDULING_GROUP
+0x070 WaitRegister     : _KWAIT_STATUS_REGISTER
+0x071 Running          : UChar
+0x072 Alerted          : [2] UChar
+0x074 KernelStackResident : Pos 0, 1 Bit
+0x074 ReadyTransition  : Pos 1, 1 Bit
+0x074 ProcessReadyQueue : Pos 2, 1 Bit
+0x074 WaitNext         : Pos 3, 1 Bit
+0x074 SystemAffinityActive : Pos 4, 1 Bit
+0x074 Alertable        : Pos 5, 1 Bit
+0x074 CodePatchInProgress : Pos 6, 1 Bit
+0x074 UserStackWalkActive : Pos 7, 1 Bit
+0x074 ApcInterruptRequest : Pos 8, 1 Bit
+0x074 QuantumEndMigrate : Pos 9, 1 Bit
+0x074 UmsDirectedSwitchEnable : Pos 10, 1 Bit
+0x074 TimerActive      : Pos 11, 1 Bit
+0x074 SystemThread     : Pos 12, 1 Bit
+0x074 ProcessDetachActive : Pos 13, 1 Bit
+0x074 CalloutActive    : Pos 14, 1 Bit
+0x074 ScbReadyQueue    : Pos 15, 1 Bit
+0x074 ApcQueueable     : Pos 16, 1 Bit
+0x074 ReservedStackInUse : Pos 17, 1 Bit
+0x074 UmsPerformingSyscall : Pos 18, 1 Bit
+0x074 DisableStackCheck : Pos 19, 1 Bit
+0x074 Reserved         : Pos 20, 12 Bits
+0x074 MiscFlags        : Int4B
+0x078 AutoAlignment    : Pos 0, 1 Bit
+0x078 DisableBoost     : Pos 1, 1 Bit
+0x078 UserAffinitySet  : Pos 2, 1 Bit
+0x078 AlertedByThreadId : Pos 3, 1 Bit
+0x078 QuantumDonation  : Pos 4, 1 Bit
+0x078 EnableStackSwap  : Pos 5, 1 Bit
+0x078 GuiThread        : Pos 6, 1 Bit
+0x078 DisableQuantum   : Pos 7, 1 Bit
+0x078 ChargeOnlyGroup  : Pos 8, 1 Bit
+0x078 DeferPreemption  : Pos 9, 1 Bit
+0x078 QueueDeferPreemption : Pos 10, 1 Bit
+0x078 ForceDeferSchedule : Pos 11, 1 Bit
+0x078 ExplicitIdealProcessor : Pos 12, 1 Bit
+0x078 FreezeCount      : Pos 13, 1 Bit
+0x078 EtwStackTraceApcInserted : Pos 14, 8 Bits
+0x078 ReservedFlags    : Pos 22, 10 Bits
+0x078 ThreadFlags      : Int4B
+0x07c Spare0           : Uint4B
+0x080 SystemCallNumber : Uint4B
+0x084 Spare1           : Uint4B
+0x088 FirstArgument    : Ptr64 Void
+0x090 TrapFrame        : Ptr64 _KTRAP_FRAME
+0x098 ApcState         : _KAPC_STATE
+0x098 ApcStateFill     : [43] UChar
+0x0c3 Priority         : Char
+0x0c4 UserIdealProcessor : Uint4B
+0x0c8 WaitStatus       : Int8B
+0x0d0 WaitBlockList    : Ptr64 _KWAIT_BLOCK
+0x0d8 WaitListEntry    : _LIST_ENTRY
+0x0d8 SwapListEntry    : _SINGLE_LIST_ENTRY
+0x0e8 Queue            : Ptr64 _KQUEUE
+0x0f0 Teb              : Ptr64 Void
+0x0f8 Timer            : _KTIMER
+0x138 WaitBlock        : [4] _KWAIT_BLOCK
+0x138 WaitBlockFill4   : [20] UChar
+0x14c ContextSwitches  : Uint4B
+0x138 WaitBlockFill5   : [68] UChar
+0x17c State            : UChar
+0x17d NpxState         : Char
+0x17e WaitIrql         : UChar
+0x17f WaitMode         : Char
+0x138 WaitBlockFill6   : [116] UChar
+0x1ac WaitTime         : Uint4B
+0x138 WaitBlockFill7   : [164] UChar
+0x1dc KernelApcDisable : Int2B
+0x1de SpecialApcDisable : Int2B
+0x1dc CombinedApcDisable : Uint4B
+0x138 WaitBlockFill8   : [40] UChar
+0x160 ThreadCounters   : Ptr64 _KTHREAD_COUNTERS
+0x138 WaitBlockFill9   : [88] UChar
+0x190 XStateSave       : Ptr64 _XSTATE_SAVE
+0x138 WaitBlockFill10  : [136] UChar
+0x1c0 Win32Thread      : Ptr64 Void
+0x138 WaitBlockFill11  : [176] UChar
+0x1e8 Ucb              : Ptr64 _UMS_CONTROL_BLOCK
+0x1f0 Uch              : Ptr64 _KUMS_CONTEXT_HEADER
+0x1f8 TebMappedLowVa   : Ptr64 Void
+0x200 QueueListEntry   : _LIST_ENTRY
+0x210 NextProcessor    : Uint4B
+0x214 DeferredProcessor : Uint4B
+0x218 Process          : Ptr64 _KPROCESS
+0x220 UserAffinity     : _GROUP_AFFINITY
+0x220 UserAffinityFill : [10] UChar
+0x22a PreviousMode     : Char
+0x22b BasePriority     : Char
+0x22c PriorityDecrement : Char
+0x22c ForegroundBoost  : Pos 0, 4 Bits
+0x22c UnusualBoost     : Pos 4, 4 Bits
+0x22d Preempted        : UChar
+0x22e AdjustReason     : UChar
+0x22f AdjustIncrement  : Char
+0x230 Affinity         : _GROUP_AFFINITY
+0x230 AffinityFill     : [10] UChar
+0x23a ApcStateIndex    : UChar
+0x23b WaitBlockCount   : UChar
+0x23c IdealProcessor   : Uint4B
+0x240 ApcStatePointer  : [2] Ptr64 _KAPC_STATE
+0x250 SavedApcState    : _KAPC_STATE
+0x250 SavedApcStateFill : [43] UChar
+0x27b WaitReason       : UChar
+0x27c SuspendCount     : Char
+0x27d Saturation       : Char
+0x27e SListFaultCount  : Uint2B
+0x280 SchedulerApc     : _KAPC
+0x280 SchedulerApcFill0 : [1] UChar
+0x281 ResourceIndex    : UChar
+0x280 SchedulerApcFill1 : [3] UChar
+0x283 QuantumReset     : UChar
+0x280 SchedulerApcFill2 : [4] UChar
+0x284 KernelTime       : Uint4B
+0x280 SchedulerApcFill3 : [64] UChar
+0x2c0 WaitPrcb         : Ptr64 _KPRCB
+0x280 SchedulerApcFill4 : [72] UChar
+0x2c8 LegoData         : Ptr64 Void
+0x280 SchedulerApcFill5 : [83] UChar
+0x2d3 CallbackNestingLevel : UChar
+0x2d4 UserTime         : Uint4B
+0x2d8 SuspendEvent     : _KEVENT
+0x2f0 ThreadListEntry  : _LIST_ENTRY
+0x300 MutantListHead   : _LIST_ENTRY
+0x310 ReadOperationCount : Int8B
+0x318 WriteOperationCount : Int8B
+0x320 OtherOperationCount : Int8B
+0x328 ReadTransferCount : Int8B
+0x330 WriteTransferCount : Int8B
+0x338 OtherTransferCount : Int8B
dt _ETHREAD
   +0x000 Tcb              : _KTHREAD
+0x340 CreateTime       : _LARGE_INTEGER
+0x348 ExitTime         : _LARGE_INTEGER
+0x348 KeyedWaitChain   : _LIST_ENTRY
+0x358 ChargeOnlySession : Ptr64 Void
+0x360 PostBlockList    : _LIST_ENTRY
+0x360 ForwardLinkShadow : Ptr64 Void
+0x368 StartAddress     : Ptr64 Void
+0x370 TerminationPort  : Ptr64 _TERMINATION_PORT
+0x370 ReaperLink       : Ptr64 _ETHREAD
+0x370 KeyedWaitValue   : Ptr64 Void
+0x378 ActiveTimerListLock : Uint8B
+0x380 ActiveTimerListHead : _LIST_ENTRY
+0x390 Cid              : _CLIENT_ID
+0x3a0 KeyedWaitSemaphore : _KSEMAPHORE
+0x3a0 AlpcWaitSemaphore : _KSEMAPHORE
+0x3c0 ClientSecurity   : _PS_CLIENT_SECURITY_CONTEXT
+0x3c8 IrpList          : _LIST_ENTRY
+0x3d8 TopLevelIrp      : Uint8B
+0x3e0 DeviceToVerify   : Ptr64 _DEVICE_OBJECT
+0x3e8 SparePointer     : Ptr64 Void
+0x3f0 Win32StartAddress : Ptr64 Void
+0x3f8 LegacyPowerObject : Ptr64 Void
+0x400 ThreadListEntry  : _LIST_ENTRY
+0x410 RundownProtect   : _EX_RUNDOWN_REF
+0x418 ThreadLock       : _EX_PUSH_LOCK
+0x420 ReadClusterSize  : Uint4B
+0x424 MmLockOrdering   : Int4B
+0x428 CmLockOrdering   : Int4B
+0x42c CrossThreadFlags : Uint4B
+0x42c Terminated       : Pos 0, 1 Bit
+0x42c ThreadInserted   : Pos 1, 1 Bit
+0x42c HideFromDebugger : Pos 2, 1 Bit
+0x42c ActiveImpersonationInfo : Pos 3, 1 Bit
+0x42c HardErrorsAreDisabled : Pos 4, 1 Bit
+0x42c BreakOnTermination : Pos 5, 1 Bit
+0x42c SkipCreationMsg  : Pos 6, 1 Bit
+0x42c SkipTerminationMsg : Pos 7, 1 Bit
+0x42c CopyTokenOnOpen  : Pos 8, 1 Bit
+0x42c ThreadIoPriority : Pos 9, 3 Bits
+0x42c ThreadPagePriority : Pos 12, 3 Bits
+0x42c RundownFail      : Pos 15, 1 Bit
+0x42c UmsForceQueueTermination : Pos 16, 1 Bit
+0x42c ReservedCrossThreadFlags : Pos 17, 15 Bits
+0x430 SameThreadPassiveFlags : Uint4B
+0x430 ActiveExWorker   : Pos 0, 1 Bit
+0x430 MemoryMaker      : Pos 1, 1 Bit
+0x430 ClonedThread     : Pos 2, 1 Bit
+0x430 KeyedEventInUse  : Pos 3, 1 Bit
+0x430 SelfTerminate    : Pos 4, 1 Bit
+0x434 SameThreadApcFlags : Uint4B
+0x434 Spare            : Pos 0, 1 Bit
+0x434 StartAddressInvalid : Pos 1, 1 Bit
+0x434 EtwCalloutActive : Pos 2, 1 Bit
+0x434 OwnsProcessWorkingSetExclusive : Pos 3, 1 Bit
+0x434 OwnsProcessWorkingSetShared : Pos 4, 1 Bit
+0x434 OwnsSystemCacheWorkingSetExclusive : Pos 5, 1 Bit
+0x434 OwnsSystemCacheWorkingSetShared : Pos 6, 1 Bit
+0x434 OwnsSessionWorkingSetExclusive : Pos 7, 1 Bit
+0x435 OwnsSessionWorkingSetShared : Pos 0, 1 Bit
+0x435 OwnsProcessAddressSpaceExclusive : Pos 1, 1 Bit
+0x435 OwnsProcessAddressSpaceShared : Pos 2, 1 Bit
+0x435 SuppressSymbolLoad : Pos 3, 1 Bit
+0x435 Prefetching      : Pos 4, 1 Bit
+0x435 OwnsVadExclusive : Pos 5, 1 Bit
+0x435 OwnsChangeControlAreaExclusive : Pos 6, 1 Bit
+0x435 OwnsChangeControlAreaShared : Pos 7, 1 Bit
+0x436 OwnsPagedPoolWorkingSetExclusive : Pos 0, 1 Bit
+0x436 OwnsPagedPoolWorkingSetShared : Pos 1, 1 Bit
+0x436 OwnsSystemPtesWorkingSetExclusive : Pos 2, 1 Bit
+0x436 OwnsSystemPtesWorkingSetShared : Pos 3, 1 Bit
+0x436 TrimTrigger      : Pos 4, 2 Bits
+0x436 Spare2           : Pos 6, 2 Bits
+0x437 PriorityRegionActive : UChar
+0x438 CacheManagerActive : UChar
+0x439 DisablePageFaultClustering : UChar
+0x43a ActiveFaultCount : UChar
+0x43b LockOrderState   : UChar
+0x440 AlpcMessageId    : Uint8B
+0x448 AlpcMessage      : Ptr64 Void
+0x448 AlpcReceiveAttributeSet : Uint4B
+0x450 ExitStatus       : Int4B
+0x458 AlpcWaitListEntry : _LIST_ENTRY
+0x468 CacheManagerCount : Uint4B
+0x46c IoBoostCount     : Uint4B
+0x470 IrpListLock      : Uint8B
+0x478 ReservedForSynchTracking : Ptr64 Void
+0x480 CmCallbackListHead : _SINGLE_LIST_ENTRY
+0x488 ActivityId       : Ptr64 _GUID
+0x490 WnfContext       : Ptr64 Void
+0x498 SeLearningModeListHead : _SINGLE_LIST_ENTRY
+0x4a0 RelativeTimerBias : Uint8B